
Use CertBot to Create SSL Certificates on FreeBSD

This is a fairly straightforward way to get SSL certificates on FreeBSD using CertBot. You might notice that in a previous how-to I described how to get a Cloudflare origin server certificate installed on Apache. Why not just use that? Cloudflare origin server certificates are great if you use Cloudflare for your website. The downside is that, unless you’re communicating with Cloudflare, they’re no better than a self-signed certificate. For email or other uses of SSL, you may need to get a certificate from Let’s Encrypt (or elsewhere). Here’s how to install the certificate and configure it for use with Apache.

Time needed: 15 minutes

Get a certificate for FreeBSD using CertBot

  1. Install Certbot


    # pkg install py39-certbot

  2. Run Certbot


    # certbot certonly --standalone -d yourdomain.com

  3. Note where files are


    Certificates should be located in /usr/local/etc/letsencrypt/live/yourdomain.com/

  4. Test Renewal


    # certbot renew --dry-run

  5. Edit Apache Configuration File to Enable SSL


    Edit /usr/local/etc/apache24/httpd.conf
    Uncomment the following line (remove the # at the beginning):
    LoadModule ssl_module libexec/apache24/mod_ssl.so

  6. Enable Apache SSL Configuration File


    In the same file as step #5, uncomment the following lines:
    Include etc/apache24/extra/httpd-ssl.conf
    LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so

  7. Edit SSL Configuration File (part 1)


    Edit /usr/local/etc/apache24/extra/httpd-ssl.conf
    You’ll need to make some key changes.
    1. Find DocumentRoot and change it to the appropriate value (where your website is served from).
    2. Find ServerName and change it to the appropriate value (your URL).
    3. ServerAdmin, ErrorLog, and TransferLog are values you can optionally set.

  8. Edit SSL Configuration File (part 2)


    We need to configure the keys produced in step 3 for the SSL configuration file.
    Find the line that begins with SSLCertificateFile and change it to the following:
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/yourdomain.com/cert.pem"
    Next find the line that begins with SSLCertificateKeyFile and change it to the following:
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/yourdomain.com/privkey.pem"

Note: If you get a 403 error when you attempt to go to your site, you might need to append to your SSL configuration. First, locate the configuration you have for port 80 (not SSL). Usually this will be found in /usr/local/etc/apache24/httpd.conf or /usr/local/etc/apache24/extra/httpd-vhosts.conf. Find the section that begins with <Directory /usr/local/www/yoursite> or something similar. Copy everything up to (and including) the closing </Directory> tag to your SSL configuration file somewhere between the tags <VirtualHost _default_:443> and </VirtualHost>.
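
Before restarting Apache, a quick check of the two paths set in step 8 catches a mistyped directory, swapped certificate and key files, or a private key that other users can read. This is an added example, not part of the original how-to; the helper names are hypothetical and the demo files are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the original page. directive_value, check_pem and
# check_tls_conf are hypothetical helper names, not Apache or Certbot tools.

# Print the value of directive $2 in config $1; commented-out lines do not match.
directive_value() {
    awk -v d="$2" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# $1 = path, $2 = expected PEM label (ERE), $3 = description for messages.
check_pem() {
    [ -r "$1" ] || { echo "FAIL: $3 not readable: $1"; return 1; }
    head -n 1 "$1" | grep -Eq -- "^-----BEGIN $2-----" ||
        { echo "FAIL: $3 has the wrong PEM type: $1"; return 1; }
}

check_tls_conf() {
    conf=$1; rc=0
    cert=$(directive_value "$conf" SSLCertificateFile)
    key=$(directive_value "$conf" SSLCertificateKeyFile)
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "FAIL: certificate directives not set in $conf"; return 1
    fi
    check_pem "$cert" 'CERTIFICATE' 'certificate' || rc=1
    check_pem "$key" '(RSA |EC )?PRIVATE KEY' 'private key' || rc=1
    # The key must not be accessible to group or others. ls -L follows the
    # symlink Certbot keeps in live/ to the real file.
    if [ -r "$key" ] && [ "$(ls -lL "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: private key is accessible to group/others: $key"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

# Constructed demo data: placeholder PEM files (header line only) and two
# configs, one correct and one with a doubled /live/ in the key path.
make_demo() {
    d=$(mktemp -d) && l="$d/live/yourdomain.com" && mkdir -p "$l" || return 1
    echo '-----BEGIN CERTIFICATE-----' > "$l/cert.pem"
    echo '-----BEGIN PRIVATE KEY-----' > "$l/privkey.pem"
    chmod 600 "$l/privkey.pem"
    printf 'SSLCertificateFile "%s"\nSSLCertificateKeyFile "%s"\n' \
        "$l/cert.pem" "$l/privkey.pem" > "$d/good.conf"
    printf 'SSLCertificateFile "%s"\nSSLCertificateKeyFile "%s"\n' \
        "$l/cert.pem" "$l/live/privkey.pem" > "$d/bad.conf"
    echo "$d"
}
```

On the server, source the functions and run `check_tls_conf /usr/local/etc/apache24/extra/httpd-ssl.conf` as root; a non-zero exit status means at least one check failed.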

You Now Have a CertBot Certificate for FreeBSD

Congratulations, you now have a Let’s Encrypt certificate installed by CertBot. You can also use this certificate for things like email.
